
3 vulnerabilities found for Sixnet-Managed Industrial Switches by Red Lion Controls

VAR-201805-0207

Vulnerability from variot - Updated: 2023-12-18 12:50

A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key, so the key that protects one device is the same key that protects every other affected device. An attacker who holds that shared key could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0207",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sixnet-managed industrial switches",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "redlion",
        "version": "5.0.196"
      },
      {
        "model": "stride-managed ethernet switches",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "redlion",
        "version": "5.0.190"
      },
      {
        "model": "sixnet-managed industrial switches",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red lion controls",
        "version": "5.0.196"
      },
      {
        "model": "stride-managed ethernet switches",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red lion controls",
        "version": "5.0.190"
      },
      {
        "model": "lion controls sixnet-managed industrial switches",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "red",
        "version": "\u003c=5.0.196"
      },
      {
        "model": "lion controls stride-managed ethernet switches",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "red",
        "version": "\u003c=5.0.190"
      },
      {
        "model": "sixnet-managed industrial switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "redlion",
        "version": "5.0.196"
      },
      {
        "model": "stride-managed ethernet switches",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "redlion",
        "version": "5.0.190"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "sixnet managed industrial switches",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "stride managed ethernet switches",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redlion:sixnet-managed_industrial_switches_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.196",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:redlion:sixnet-managed_industrial_switches:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redlion:stride-managed_ethernet_switches_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.0.190",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:redlion:stride-managed_ethernet_switches:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      }
    ]
  },
  "cve": "CVE-2016-9335",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-9335",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-02585",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-98155",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 10.0,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-9335",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9335",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-02585",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-556",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "7d7ae200-463f-11e9-ba56-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-98155",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-9335",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-9335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-9335"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9335",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-054-02",
        "trust": 3.2
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D7AE200-463F-11E9-BA56-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "B4B525B8-C3BC-49AE-BA77-47D9BB95900F",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-9335",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-9335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "id": "VAR-201805-0207",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      }
    ],
    "trust": 2.1
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:50:46.552000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.redlion.net/"
      },
      {
        "title": "Patch for Red Lion Controls Sixnet-Managed Industrial Switches and Stride-Managed Ethernet Switches Hardcoded Encryption Key Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/90358"
      },
      {
        "title": "Red Lion Controls Sixnet-Managed Industrial Switches  and AutomationDirect Stride-Managed Ethernet Switches Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74787"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-054-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9335"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9335"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/798.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-9335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-9335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-10T00:00:00",
        "db": "IVD",
        "id": "7d7ae200-463f-11e9-ba56-000c29342cb1"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "IVD",
        "id": "b4b525b8-c3bc-49ae-ba77-47d9bb95900f"
      },
      {
        "date": "2017-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "date": "2018-05-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "date": "2018-05-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-9335"
      },
      {
        "date": "2018-07-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "date": "2018-05-09T13:29:00.247000",
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "date": "2017-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-02585"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98155"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-9335"
      },
      {
        "date": "2018-07-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      },
      {
        "date": "2019-10-09T23:20:24.460000",
        "db": "NVD",
        "id": "CVE-2016-9335"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Lion Controls Sixnet-Managed Industrial Switches and  Stride-Managed Ethernet Switches Vulnerabilities related to the use of hard-coded credentials in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-009039"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-556"
      }
    ],
    "trust": 0.6
  }
}

CVE-2016-9335 (GCVE-0-2016-9335)

Vulnerability from cvelistv5 – Published: 2018-05-09 13:00 – Updated: 2024-09-16 19:04
Summary
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key, so the key that protects one device is the same key that protects every other affected device. An attacker who holds that shared key could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
Severity ?
No CVSS data available.
CWE
  • CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
Vendor Product Version
Red Lion Controls Sixnet-Managed Industrial Switches Affected: firmware Version 5.0.196 and prior

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sixnet-Managed Industrial Switches",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 5.0.196 and prior"
            }
          ]
        },
        {
          "product": "STRIDE-Managed Ethernet Switch models",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 5.0.190 and prior."
            }
          ]
        }
      ],
      "datePublic": "2017-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "Use of hard-coded cryptographic key CWE-321",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-09T12:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2017-02-23T00:00:00",
          "ID": "CVE-2016-9335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sixnet-Managed Industrial Switches",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware Version 5.0.196 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Lion Controls"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "STRIDE-Managed Ethernet Switch models",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware Version 5.0.190 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AutomationDirect"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of hard-coded cryptographic key CWE-321"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-9335",
    "datePublished": "2018-05-09T13:00:00Z",
    "dateReserved": "2016-11-16T00:00:00",
    "dateUpdated": "2024-09-16T19:04:11.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9335 (GCVE-0-2016-9335)

Vulnerability from nvd – Published: 2018-05-09 13:00 – Updated: 2024-09-16 19:04
Summary
A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174.
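Severity
No structured CVSS metrics are present in this record. The summary text itself cites a CVSS v3 base score of 10 with vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.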
CWE
  • CWE-321 - Use of hard-coded cryptographic key
Assigner
References
Impacted products
Vendor Product Version
Red Lion Controls Sixnet-Managed Industrial Switches Affected: firmware Version 5.0.196 and prior

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sixnet-Managed Industrial Switches",
          "vendor": "Red Lion Controls",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 5.0.196 and prior"
            }
          ]
        },
        {
          "product": "STRIDE-Managed Ethernet Switch models",
          "vendor": "AutomationDirect",
          "versions": [
            {
              "status": "affected",
              "version": "firmware Version 5.0.190 and prior."
            }
          ]
        }
      ],
      "datePublic": "2017-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "Use of hard-coded cryptographic key CWE-321",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-09T12:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2017-02-23T00:00:00",
          "ID": "CVE-2016-9335",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Sixnet-Managed Industrial Switches",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware Version 5.0.196 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Lion Controls"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "STRIDE-Managed Ethernet Switch models",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware Version 5.0.190 and prior."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AutomationDirect"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Managed Ethernet switches and Sixnet-Managed Industrial switches use hard-coded HTTP SSL/SSH keys for secure communication. Because these keys cannot be regenerated by users, all products use the same key. The attacker could disrupt communication or compromise the system. CVSS v3 base score: 10, CVSS vector string: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Red Lion Controls recommends updating to SLX firmware Version 5.3.174."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of hard-coded cryptographic key CWE-321"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-9335",
    "datePublished": "2018-05-09T13:00:00Z",
    "dateReserved": "2016-11-16T00:00:00",
    "dateUpdated": "2024-09-16T19:04:11.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}